From 3a6d3eeb9a9886f91d8c85282d3b24ff82b12054 Mon Sep 17 00:00:00 2001 From: devitway Date: Tue, 24 Feb 2026 12:14:29 +0000 Subject: [PATCH] feat: add binary + sha256 to GitHub Release artifacts --- .github/workflows/release.yml | 40 +++++++++++++++++++++++++++++------ Cargo.toml | 2 +- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9567dc4..772716c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: packages: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4 - name: Set up Rust run: | @@ -52,7 +52,7 @@ jobs: type=raw,value=latest - name: Build and push (alpine) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v5 with: context: . file: Dockerfile @@ -76,7 +76,7 @@ jobs: type=raw,value=redos - name: Build and push (redos) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v5 with: context: . file: Dockerfile.redos @@ -120,7 +120,7 @@ jobs: # ── CVE scan of the pushed image ──────────────────────────────────────── # Images are FROM scratch — no OS packages, only binary CVE scan - name: Trivy — image scan (${{ matrix.name }}) - uses: aquasecurity/trivy-action@0.34.1 + uses: aquasecurity/trivy-action@0.30.0 with: scan-type: image image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}${{ matrix.suffix }} @@ -145,7 +145,7 @@ jobs: packages: read # to pull image for SBOM generation steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v4 - name: Log in to Container Registry uses: docker/login-action@v3 @@ -158,6 +158,18 @@ jobs: id: ver run: echo "tag=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT + # ── Binary — extract from Docker image ────────────────────────────────── + - name: Extract binary from image + run: | + docker create --name nora-extract \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }} + docker cp nora-extract:/nora ./nora-linux-amd64 + docker rm nora-extract + chmod +x ./nora-linux-amd64 + sha256sum ./nora-linux-amd64 > nora-linux-amd64.sha256 + echo "Binary size: $(du -sh nora-linux-amd64 | cut -f1)" + cat nora-linux-amd64.sha256 + # ── SBOM — Software Bill of Materials ─────────────────────────────────── - name: Generate SBOM (SPDX) uses: anchore/sbom-action@v0 @@ -178,13 +190,29 @@ jobs: registry-password: ${{ secrets.GITHUB_TOKEN }} - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v1 with: generate_release_notes: true files: | + nora-linux-amd64 + nora-linux-amd64.sha256 nora-${{ github.ref_name }}.sbom.spdx.json nora-${{ github.ref_name }}.sbom.cdx.json body: | + ## Install + + ```bash + curl -fsSL https://getnora.io/install.sh | sh + ``` + + Or download the binary directly: + + ```bash + curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/nora-linux-amd64 + chmod +x nora-linux-amd64 + sudo mv nora-linux-amd64 /usr/local/bin/nora + ``` + ## Docker **Alpine (standard):** diff --git a/Cargo.toml b/Cargo.toml index 2c91cc6..9168ef5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,7 +7,7 @@ members = [ ] [workspace.package] -version = "0.2.22" +version = "0.2.23" edition = "2021" license = "MIT" authors = ["DevITWay "]